Malware sweeps across 1.3 million Android TV devices worldwide

Security experts report on the malware Android.Vo1d, which has affected almost 1.3 million smart TV sticks based on the Android TV system. The issue is global; infected devices have been detected in nearly 200 countries.

Researchers from Dr. WEB reported a vulnerability in Android TV's security. The malware Android.Vo1d, once it reaches the smart TV stick, can be remotely used by attackers to download and install additional third-party software or access memory thanks to root access. According to Dr.WEB, the issue was detected in three models of smart TV sticks: R4 with Android 7.1.2, TV BOX with Android 12.1, and KJ-SMART4KVIP with Android 10.1.

Interestingly, the Android.Vo1d software consists of several modules responsible for different malware functions. For example, the Android.Vo1d.1 module is used to download, install, and control the operation of another module (Android.Vo1d.3), which in turn launches yet another module that can download external software, run executable files, and install APK packages.

In other words, the software's operation is complex and can lead to both theft of data from the smart TV stick (likely not very much) as well as carrying out other attacks. It's important to note that such devices are usually connected to the main network in the home and generally do not receive frequent Android security updates. Thus, attackers have numerous opportunities once they successfully infect the device.

Researchers from Dr.WEB noted that the source is Android.Vo1d software is not yet known. It appears that user negligence caused the successful infection of at least some Android TV sticks. In some cases, infections were recorded on devices with Android TV 7.1, even though much newer versions of the system were available for those devices. Installing the latest updates could reduce the scale of the phenomenon.